% pfilter - packet filtering for GNU/Linux
%
% pfilter ruleset for the smb service (service-smb-open / service-smb-close macros)

% Copyright 2003 Neil Gorsuch
%
% This file is part of pfilter.
%
% pfilter is free software; you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation; either version 2 of the License, or
% (at your option) any later version.
%
% pfilter is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with this program; if not, write to the Free Software
% Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

% SMB is defined as a special service because it opens 4 tcp ports and
% 4 udp ports (137, 138, 139, 445), and because it needs to respond to
% udp broadcast packets on ports 137 and 138. Both macros below take the
% same six positional arguments, so an open can be undone by a close
% called with identical arguments.

%macro service-smb-open src_address dest_address src_int dest_int src_bcast dest_bcast 
# Open SMB between src_address and dest_address.
#
# Arguments (positional): src_address dest_address src_int dest_int src_bcast dest_bcast
#   src_bcast  - broadcast address of the source network, or UNKNOWN to skip
#                the broadcast rules entirely.
#   dest_bcast - accepted for symmetry with service-smb-close; not used here.
#
# Broadcast name/datagram traffic goes to udp 137 and 138 on src_bcast; the
# destination interface is ANY, so keep src_address as narrow as possible.
%if %src_bcast% != UNKNOWN
%open_protocol_port% %src_address% %src_bcast% %src_int% ANY udp 137
%open_protocol_port% %src_address% %src_bcast% %src_int% ANY udp 138
%endif
# Unicast SMB: every port in 137 138 139 445 is opened for BOTH tcp and udp,
# one rule per (port, proto) pair, ports in the outer loop.
%loop p 137 138 139 445
%loop proto tcp udp
%open_protocol_port% %src_address% %dest_address% %src_int% %dest_int% %proto% %p%
%endloop
%endloop
%endmacro

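%macro service-smb-close src_address dest_address src_int dest_int src_bcast dest_bcast 
# Close SMB between src_address and dest_address: the exact inverse of
# service-smb-open, and it must be called with the same arguments so that
# every rule the open macro added is removed.
#
# Arguments (positional): src_address dest_address src_int dest_int src_bcast dest_bcast
#   src_bcast  - broadcast address of the source network, or UNKNOWN to skip
#                the broadcast rules (mirrors the %if in service-smb-open).
#   dest_bcast - accepted for symmetry with service-smb-open; not used here.
#
# The port/protocol expansion below uses pfilter %loop directives, exactly as
# service-smb-open does, instead of emitting a shell "for" loop. That keeps
# both macros expanding at the same (pfilter) stage, in the same order, so the
# set of close rules is guaranteed to match the set of open rules and does not
# depend on how the generated output is later interpreted.
%if %src_bcast% != UNKNOWN
%close_protocol_port% %src_address% %src_bcast% %src_int% ANY udp 137
%close_protocol_port% %src_address% %src_bcast% %src_int% ANY udp 138
%endif
# Unicast SMB: tcp and udp on 137, 138, 139 and 445 (same order as the open).
%loop port 137 138 139 445
%loop protocol tcp udp
%close_protocol_port% %src_address% %dest_address% %src_int% %dest_int% %protocol% %port%
%endloop
%endloop
%endmacro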

